11.07.2015 Views

y - Net Developer


CHAPTER 7 ■ IMPLEMENTING WCF SECURITY 235

    using System;
    using System.Threading;

    // Imperative check: run the protected code only for members of the role.
    if (Thread.CurrentPrincipal.IsInRole("SeniorManager"))
    {
        // Code to delete purchase order
    }

You can also use .NET Framework security to force the runtime to authorize entities at the function level. The following code snippet demands the permissions that must be checked before the user can execute the function. This is an alternative to the IsInRole feature of the .NET Framework.

    using System.Security.Permissions;
    ...
    // Declarative check: the runtime demands the role before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role="SeniorManager")]
    public bool DeletePurchaseorder()
    {
        // Code to delete purchase order.
        return true;
    }

It is important to understand the basics of authentication and authorization to grasp the security concepts in WCF and the .NET Framework. You'll now learn how to implement authorization in WCF security. Here are the steps:

1. The first step is to add the authorization information to the ExchangeService module. Until now, the code has not enforced any authorization check. You have relied on the Windows authentication models to authenticate the user. Once authentication succeeded, the client could retrieve the stock prices from the service. Let's tie authorization to the user's Windows credentials. For the purposes of this example, assume you are going to restrict access to the TradeService function to administrators only. Therefore, any user who is not part of the Administrator group will not be able to access the service. Code this logic into ExchangeService, as illustrated in Listing 7-8. The code explicitly instructs the .NET runtime to check whether the user has the Administrator role.

Listing 7-8. ExchangeService Code to Include Authorization

    using System;
    using System.ServiceModel;
    using System.Security.Permissions;

    namespace ExchangeService
    {
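As an added example (not code from the book), the two checks described above, the imperative IsInRole test and the declarative PrincipalPermission demand, run side by side against constructed principals, including one that carries the role but is not authenticated. It assumes .NET Framework 4.x; the class names, the user names and the Clerk role are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class PurchaseOrders   // hypothetical class, not from the book
{
    // Imperative check: the code itself decides what happens without the role.
    public static bool DeleteImperative()
    {
        if (!Thread.CurrentPrincipal.IsInRole("SeniorManager"))
            return false;     // deny by default
        return true;          // the purchase order would be deleted here
    }

    // Declarative check: the runtime throws SecurityException before the body
    // runs. Authenticated defaults to true, so the identity must also be
    // authenticated, which IsInRole alone does not verify.
    [PrincipalPermission(SecurityAction.Demand, Role = "SeniorManager")]
    public static bool DeleteDeclarative()
    {
        return true;
    }
}

static class Program
{
    // Runs both checks as a constructed principal; an empty name yields an
    // unauthenticated GenericIdentity.
    static string Check(string user, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        string declarative;
        try { declarative = PurchaseOrders.DeleteDeclarative() ? "allowed" : "denied"; }
        catch (SecurityException) { declarative = "SecurityException"; }
        return string.Format("user='{0}' IsInRole={1} PrincipalPermission={2}",
            user, PurchaseOrders.DeleteImperative(), declarative);
    }

    static void Main()
    {
        Console.WriteLine(Check("alice", "SeniorManager"));  // role member
        Console.WriteLine(Check("bob", "Clerk"));            // authenticated, wrong role
        Console.WriteLine(Check("", "SeniorManager"));       // role present, not authenticated
    }
}
```

In the third case the imperative check passes while the declarative demand throws, so an IsInRole test should be paired with a check of Identity.IsAuthenticated.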
